Method and apparatus for encrypting and decrypting information

ABSTRACT

An encryption key is generated in response to a plurality of information pieces being bases for the encryption key. Original information is encrypted into encryption-resultant information in response to the generated encryption key. The encryption-resultant information is divided into units. Each of the units is loaded with encryption control information for identifying the plurality of information pieces being the bases for the encryption key.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a method of encrypting information, a methodof decrypting information, an apparatus for encrypting information, andan apparatus for decrypting information.

Furthermore, this invention relates to an information recording medium.

2. Description of the Related Art

Japanese patent application publication number 10-269289/1998 disclosesa system for managing the distribution of digital contents. In thesystem of Japanese application 10-269289, a distributor side encryptsand compresses digital contents into processing-resultant digitalcontents. The distributor side transmits the processing-resultantdigital contents, an encryption-resultant contents key, andencryption-resultant accounting information to a communication oppositeparty. The distributor side implements a process of receiving a chargeon the basis of contents use information transmitted from thecommunication opposite party. Then, the distributor side implements aprocess of dividing the received charge among interested personsincluding a copyright holder of the digital contents. On the other hand,a user side (a digital contents player) decrypts and expands theprocessing-resultant digital contents in response to the contents key,thereby reproducing the original digital contents. The user sidesubjects the accounting information to a reducing process responsive tothe use of the digital contents. The user side transmits the reducedaccounting information and the contents use information to thedistributor side.

In the system of Japanese application 10-269289, a third person canillegally reproduce the original digital contents when getting theoriginal contents key.

Japanese patent application publication number 10-283268/1998 disclosesa system in which a recording medium stores encryption-resultant maininformation, and also encryption-resultant information representing akey for decrypting the encryption-resultant main information.Non-encrypted information representing conditions of decrypting theencryption-resultant main information is added to theencryption-resultant key information. In more detail, theencryption-resultant key information has non-encrypted controlinformation which contains device information and region information.The control information is designed to prevent the encryption-resultantmain information from being copied onto a magnetic recording medium oran optical disc in a user side for illegal use thereof.

The system of Japanese application 10-283268 has a problem as follows.The non-encrypted control information in the encryption-resultant keyinformation can easily be altered by a third person. The alteration ofthe non-encrypted control information enables the third person toillegally copy the encryption-resultant main information.

Japanese patent application publication number 7-140896/1995 disclosesfirst and second systems each for encrypting an ordinary text file. Inthe first system of Japanese application 7-140896, the ordinary textfile is divided into ordinary text blocks each having the smallest limitof a data size range in which data can be transmitted between a diskbuffer and an on-memory data area used by an application program. Theordinary text blocks are encrypted into encryption-resultant text blocksin response to a user key. The encryption-resultant text blocks areconnected to form an encryption-resultant text file.

In the second system of Japanese application 7-140896, the ordinary textfile is divided into ordinary text blocks each having the smallest limitof a data size range in which data can be transmitted between a diskbuffer and an on-memory data area used by an application program. Datakeys are generated from a user key and values peculiar to the respectiveordinary text blocks. The total number of data keys is equal to that ofthe ordinary text blocks. The values of the offsets of the ordinary textblocks from the head of the ordinary text file are used as the peculiarvalues, respectively. The ordinary text blocks are encrypted intoencryption-resultant text blocks in response to the data keys,respectively. The encryption-resultant text blocks are connected to forman encryption-resultant text file.

The first and second systems of Japanese application 7-140896 tend to beinsufficient in security.

SUMMARY OF THE INVENTION

It is a first object of this invention to provide a method of encryptinginformation which is improved in security.

It is a second object of this invention to provide a method ofdecrypting information which is improved in security.

It is a third object of this invention to provide an apparatus forencrypting information which is improved in security.

It is a fourth object of this invention to provide an apparatus fordecrypting information which is improved in security.

It is a fifth object of this invention to provide an informationrecording medium improved in security.

A first aspect of this invention provides a method comprising the stepsof generating an encryption key in response to a plurality ofinformation pieces being bases for the encryption key; encryptingoriginal information into encryption-resultant information in responseto the generated encryption key; dividing the encryption-resultantinformation into units; and loading each of the units with encryptioncontrol information for identifying the plurality of information piecesbeing the bases for the encryption key.

A second aspect of this invention provides a method comprising the stepsof detecting encryption control information in each of units composingencryption-resultant information, the encryption control informationbeing for identifying a plurality of information pieces being bases foran encryption key; identifying the plurality of information pieces beingthe bases for the encryption key in response to the detected encryptioncontrol information; generating the encryption key from the identifiedplurality of information pieces being the bases for the encryption key;and decrypting each of the units composing the encryption-resultantinformation into a unit of original information in response to thegenerated encryption key.

A third aspect of this invention provides an information encryptingapparatus comprising first means for generating an encryption key inresponse to a plurality of information pieces being bases for theencryption key; second means for encrypting original information intoencryption-resultant information in response to the encryption keygenerated by the first means; third means for dividing theencryption-resultant information generated by the second means intounits; and fourth means for loading each of the units with encryptioncontrol information for identifying the plurality of information piecesbeing the bases for the encryption key.

A fourth aspect of this invention provides an information decryptingapparatus comprising first means for detecting encryption controlinformation in each of units composing encryption-resultant information,the encryption control information being for identifying a plurality ofinformation pieces being bases for an encryption key; second means foridentifying the plurality of information pieces being the bases for theencryption key in response to the encryption control informationdetected by the first means; third means for generating the encryptionkey from the identified plurality of information pieces being the basesfor the encryption key; and fourth means decrypting each of the unitscomposing the encryption-resultant information into a unit of originalinformation in response to the encryption key generated by the thirdmeans.

A fifth aspect of this invention provides an information recordingmedium which stores encryption-resultant information divided into units,wherein each of the units contains encryption control information foridentifying a plurality of information pieces to generate an encryptionkey.

A sixth aspect of this invention provides a method comprising the stepsof dividing original information into original-information units;generating an encryption key in response to a plurality of informationpieces being bases for the encryption key; encrypting each of theoriginal-information units into an encryption-resultant information unitin response to the generated encryption key; and loading theencryption-resultant information unit with encryption controlinformation for identifying the plurality of information pieces beingthe bases for the encryption key.

A seventh aspect of this invention provides an information encryptingapparatus comprising first means for dividing original information intooriginal-information units; second means for generating an encryptionkey in response to a plurality of information pieces being bases for theencryption key; third means for encrypting each of theoriginal-information units generated by the first means into anencryption-resultant information unit in response to the encryption keygenerated by the second means; and fourth means for loading theencryption-resultant information unit generated by the third means withencryption control information for identifying the plurality ofinformation pieces being the bases for the encryption key.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an information recording and reproducingapparatus according to a first embodiment of this invention.

FIG. 2 is a diagram of a file structure used in the case where libraryinformation is recorded on a recording medium.

FIG. 3 is a diagram of the structure of a file in FIG. 2.

FIG. 4 is a diagram of the structure of a third-level segment in FIG. 3.

FIG. 5 is a diagram of a data format on a recording medium.

FIG. 6 is a diagram of a unit set identifier, encryption controlinformation, and seeds for an encryption key.

FIG. 7 is a diagram of the syntax structure of a second-level segment inFIG. 3.

FIG. 8 is a diagram of the syntax structure of a third-level segment inFIG. 3.

FIG. 9 is a diagram of the syntax structure of a fifth-level segment inFIG. 4.

FIG. 10 is a block diagram of a portion of an encryption key generatorin FIG. 1.

FIG. 11 is a diagram of a unit set identifier, encryption controlinformation, and seed groups in a second embodiment of this invention.

FIG. 12 is a diagram of a unit set identifier, encryption controlinformation, and a seed-group identifier in a third embodiment of thisinvention.

FIG. 13 is a diagram of a unit set identifier, encryption controlinformation, and basic initial values for an encryption block in afourth embodiment of this invention.

FIG. 14 is a block diagram of a portion of an encryption key generatorin the fourth embodiment of this invention.

FIG. 15 is a diagram of a unit set identifier, encryption controlinformation, and basic-initial-value groups in a fifth embodiment ofthis invention.

FIG. 16 is a diagram of a unit set identifier, encryption controlinformation, and a group identifier in a sixth embodiment of thisinvention.

FIG. 17 is a block diagram of an information-communications apparatusaccording to a seventh embodiment of this invention.

DETAILED DESCRIPTION OF THE INVENTION First Embodiment

FIG. 1 shows an information recording and reproducing apparatusaccording to a first embodiment of this invention. The apparatus of FIG.1 includes an MPEG (Motion Picture Experts Group) encoder 22 forconverting an input video signal and an input audio signal into adigital signal conforming to the MPEG standards. The input video signaland the input audio signal compose an audio-visual contents signal (anaudio-visual program signal). The input video signal and the input audiosignal are, for example, analog. The MPEG encoder 22 outputs the MPEGdigital signal to a unit generator 23.

The unit generator 23 divides the output signal of the MPEG encoder 22into units referred to as first digital information units. The unitgenerator 23 outputs the first digital information units to anencryption control information recorder 24. The encryption controlinformation recorder 24 receives encryption control information from anencryption key generator 27. The encryption control information recorder24 adds the encryption control information to the first digitalinformation units to generate second digital information units. Theencryption control information recorder 24 outputs the second digitalinformation units to an encrypting device 25.

The encrypting device 25 receives a signal representative of anencryption key from the encryption key generator 27. The encryptingdevice 25 encrypts the second digital information units in response tothe encryption key to generate encryption-resultant digital informationunits. Preferably, the encryption key is varied from second digitalinformation unit to second digital information unit. The encryption keymay be updated for every prescribed number of second digital informationunits. The encrypting device 25 outputs the encryption-resultant digitalinformation units to a recording controller 26. The recording controller26 implements recording control concerning the encryption-resultantdigital information units. The recording controller 26 passes theencryption-resultant digital information units to a main reader/writer11 as contents information. The main reader/writer 11 writes thecontents information on a recording medium 1. The main reader/writer 11reads out the contents information from the recording medium 1.

The apparatus of FIG. 1 further includes a user interface 21 which canbe operated by a user. The user interface 21 generates command signalsin accordance with operation by the user. The user interface 21 isconnected to the MPEG encoder 22 and the encryption key generator 27.

A library information management device 20 is connected to the userinterface 21. The library information management device 20 handleslibrary information having pieces including a piece representing thetitle of an audio-visual program (contents) to be recorded, and a piecerepresenting the date and time of the start of the recording of theaudio-visual program. The library information is also referred to asside information. The library information management device 20 formatsand deformats the library information (the side information). Thelibrary information management device 20 sends and receives the libraryinformation to and from a library information reader/writer 19. Thelibrary information reader/writer 19 sends and receives the libraryinformation to and from the main reader/writer 11. The libraryinformation reader/writer 19 enables the main reader/writer 11 to writethe library information on the recording medium 1 and read out thelibrary information therefrom.

In addition, the apparatus of FIG. 1 includes an encryption controlinformation reproducer 12 which receives the read-out contentsinformation from the main reader/writer 11. The encryption controlinformation reproducer 12 extracts encryption control information fromthe read-out contents information. The encryption control informationreproducer 12 outputs the extracted encryption control information to anencryption key generator 13. The encryption control informationreproducer 12 passes the read-out contents information to a decryptingdevice 14. The encryption key generator 13 produces a signalrepresentative of an encryption key in response to the encryptioncontrol information. The encryption key generator 13 outputs the signalof the encryption key to the decrypting device 14. Preferably, theencryption key generator 13 is basically similar in structure to theencryption key generator 27. The decrypting device 14 decrypts theread-out contents information into decryption-resultant digitalinformation units in response to the encryption key. The decryptingdevice 14 outputs the decryption-resultant digital information units toa unit combiner 15.

The unit combiner 15 connects the decryption-resultant digitalinformation units into an original MPEG digital signal. The unitcombiner 15 outputs the MPEG digital signal to a playback controller 16.The playback controller 16 implements playback control concerning theMPEG digital signal. The playback controller 16 passes the MPEG digitalsignal to an MPEG decoder 17. The playback controller 16 is connectedwith the user interface 21. The MPEG decoder 17 decodes the MPEG digitalsignal into an original video signal and an original audio signal whichare, for example, analog. The MPEG decoder 17 outputs the video signaland the audio signal to a monitor 18. The monitor 18 indicates contents(an audio-visual program) represented by the video signal. The monitor18 converts the audio signal into corresponding sounds. The monitor 18is connected with the library information management device 20 and theMPEG encoder 22.

The apparatus of FIG. 1 further includes a CPU 50 connected to thedevices 11-27 for controlling them. The CPU 50 can transmit signalsamong the devices 11-27. The CPU 50 has a combination of an input/outputport, a processing section, a ROM, and a RAM. The CPU 50 operates inaccordance with a control program stored in the ROM or the RAM. Thecontrol program is designed to enable the CPU 50 to implement operationsteps mentioned later.

Operation of the apparatus of FIG. 1 can be changed among differentmodes including a playback mode (a reproducing mode) and a recordingmode.

The playback mode of operation of the apparatus of FIG. 1 is as follows.When a signal representative of a command to monitor detailedinformation about audio-visual programs is inputted via the userinterface 21, the CPU 50 controls the main reader/writer 11 and thelibrary information reader/writer 19 to read out library information(side information) from a recording medium 1. The library information isstructured data indicating explanations and attributes of contents(audio-visual programs). The library information is in a file having aname “SIDE.ifo” (see FIG. 2). The library information is of a structureor a format such as shown in FIGS. 3 and 4. The library informationcontains information pieces concerning respective audio-visual programs,and information pieces concerning respective indexes being segmentsresulting from dividing each audio-visual program at prescribed timeintervals. These information pieces in the library information haveexplanations of corresponding contents (corresponding audio-visualprograms). Accordingly, the library information is detailed informationabout audio-visual programs. The read-out library information istransmitted from the main reader/writer 11 to the library informationmanagement device 20 via the library information reader/writer 19. Thelibrary information management device 20 processes the libraryinformation into a video signal of a predetermined program informationindication format which represents a program information picture havingan area provided with a picture of the library information by layout.The library information management device 20 outputs the video signal tothe monitor 18. The monitor 18 indicates the program information picturehaving the library information which is the detailed information aboutthe audio-visual programs. The program information picture showsdesignation numbers (identification numbers) assigned to theaudio-visual programs respectively.

The user interface 21 is provided with a remote control device havingkeys and buttons including a playback start button and a recording startbutton.

The user decides desired one among the audio-visual programs whilewatching the detailed information thereabout which is indicated on themonitor 18. The user actuates the keys on the remote control device toinput a signal representing the designation number assigned to thedesired audio-visual program. In addition, the user presses the playbackstart button. The user interface 21 informs the CPU 50 that the playbackstart button is pressed. The CPU 50 functions to transmit a playbackstart signal to the playback controller 16 when being informed that theplayback start button is pressed. In addition, the CPU 50 transmits thesignal of the designation number assigned to the desired audio-visualprogram to the playback controller 16. The CPU 50 causes the playbackcontroller 16 to pass the playback start signal to the mainreader/writer 11. The playback controller 16 informs the mainreader/writer 11 of the designation number assigned to the desiredaudio-visual program. The playback controller 16 may convert thedesignation number assigned to the desired audio-visual program into theon-medium address thereof. In this case, the playback controller 16informs the main reader/writer 11 of the on-medium address of thedesired audio-visual program. The main reader/writer 11 reads outcontents information, which represents the desired audio-visual program,from the recording medium 1 in response to the playback start signal andthe on-medium address of the desired audio-visual program (or thedesignation number assigned to the desired audio-visual program). Themain reader/writer 11 outputs the read-out contents information to theencryption control information reproducer 12.

The encryption control information reproducer 12 detects encryptioncontrol information in each of successive units composing the read-outcontents information. The encryption control information reproducer 12may detect a unit set identifier and encryption control information ineach of successive units composing the read-out contents information.The unit set identifier will be explained later. The encryption controlinformation reproducer 12 sends the encryption control information (orthe unit set identifier and the encryption control information) to theencryption key generator 13. The encryption control informationreproducer 12 passes the read-out contents information to the decryptingdevice 14. The encryption key generator 13 identifies encryption-keybase information in response to the encryption control information (orthe unit set identifier and the encryption control information). Theencryption-key base information means information representing a basefor an encryption key. The encryption key generator 13 produces a signalrepresentative of an encryption key in response to the identifiedencryption-key base information. The encryption key generator 13 outputsthe signal of the encryption key to the decrypting device 14.Preferably, the encryption key generator 13 is basically similar instructure to the encryption key generator 27. The decrypting device 14decrypts each of successive units composing the read-out contentsinformation into a decryption-resultant digital information unit inresponse to the encryption key. The decrypting device 14 outputs thedecryption-resultant digital information unit to the unit combiner 15.

The unit combiner 15 sequentially receives decryption resultant digitalinformation units from the decrypting device 14. The unit combiner 15connects the decryption-resultant digital information units into anoriginal MPEG digital signal. The unit combiner 15 outputs the MPEGdigital signal to the playback controller 16. The playback controller 16passes the MPEG digital signal to the MPEG decoder 17. The MPEG decoder17 decodes the MPEG digital signal into an original video signal and anoriginal audio signal. The MPEG decoder 17 outputs the video signal andthe audio signal to the monitor 18. The monitor 18 indicates contents(an audio-visual program) represented by the video signal. The monitor18 converts the audio signal into corresponding sounds. The playbackcontroller 16 implements playback control concerning the MPEG digitalsignal. Specifically, the playback controller 16 counts framesrepresented by the MPEG digital signal since the moment of the start ofthe playback of the present audio-visual program. The playbackcontroller 16 decides whether or not the MPEG digital signal reaches anending point of the present audio-visual program on the basis of thenumber of counted frames. When the MPEG digital signal reaches theending point of the present audio-visual program, the playbackcontroller 16 sends a playback end signal to the main reader/writer 11.The main reader/writer 11 halts the read-out of the contents informationfrom the recording medium 1 in response to the playback end signal.

The recording mode of operation of the apparatus of FIG. 1 is asfollows. When the recording start button is pressed so that a signalrepresentative of a command to record an input audio-visual contentssignal (an input audio-visual program signal) is inputted via the userinterface 21, the CPU 50 transmits a recording start signal to therecording controller 26. The input audio-visual contents signal is, forexample, a broadcasted audio-visual contents signal. Informationrepresenting the title of an audio-visual program to be recorded isinputted via the user interface 21. The program-title information istransmitted from the user interface 21 to the library informationmanagement device 20. The library information management device 20 getsinformation representing the date and time of the start of the recordingof the audio-visual program. The library information management device20 formats the program-title information and the recording start dateinformation into library information (side information) of a prescribedformat which will be explained later. The library information managementdevice 20 sends the library information to the library informationreader/writer 19. The CPU 50 controls the main reader/writer 11 and thelibrary information reader/writer 19 to record the library informationon a recording medium 1.

The MPEG encoder 22 receives the input audio-visual contents signal, andencodes the received audio-visual contents signal into a digital signalconforming to the MPEG standards. The MPEG encoder 22 outputs the MPEGdigital signal to the unit generator 23. The MPEG digital signal is atransport stream of packets (MPEG transport stream packets). The unitgenerator 23 divides the output signal of the MPEG encoder 22 into TS(transport steam) units which are sequentially arranged. As shown inFIG. 5, each of the TS units includes a prescribed number of successiveMPEG transport stream packets. The unit generator 23 provides a headerarea in each of the TS units. In each TS unit, the header area precedesa first MPEG transport stream packet. The unit generator 23 outputs theresultant TS units to the encryption control information recorder 24.The unit generator 23 produces a signal representing every timing (everyunit timing) which corresponds to the boundary between adjacent TSunits. The unit generator 23 outputs the unit-timing signal to theencryption key generator 27. The encryption control information recorder24 receives encryption control information from the encryption keygenerator 27. As shown in FIG. 6, the encryption control information isdesigned to identify encryption-key base information. The encryptioncontrol information recorder 24 receives a unit set identifier from theencryption key generator 27. The encryption control information recorder24 loads each of the header ares of the TS units with the encryptioncontrol information and the unit set identifier to get header-addedcomplete TS units. The encryption control information recorder 24outputs the header-added complete TS units to the encrypting device 25.

The user operates the user interface 21 to set the level of the securityof the audio-visual contents (the audio-visual program) to be recorded.The CPU 50 transmits a signal representative of the set security levelfrom the user interface 21 to the encryption key generator 27. Theencryption key generator 27 produces encryption control information inresponse to the security-level signal. Preferably, the encryption keygenerator 27 updates the encryption control information in response tothe unit-timing signal. In this case, the encryption control informationis varied from TS unit to TS unit. The encryption control informationmay be updated for every prescribed number of TS units. The encryptionkey generator 27 identifies encryption-key base information in responseto the encryption control information in a way explained later. Theencryption key generator 27 produces a signal representative of anencryption key from the identified encryption-key base information. Theencryption key generator 27 outputs the signal of the encryption key tothe encrypting device 25. At the same time, the encryption key generator27 outputs the encryption control information to the encryption controlinformation recorder 24.

The encryption key generator 27 produces the unit set identifier inresponse to the unit-timing signal. The encryption key generator 27outputs the produced unit set identifier to the encryption controlinformation recorder 24.

The encrypting device 25 encrypts the complete TS units except theirheaders in response to the encryption key to generateencryption-resultant TS units. The encrypting device 25 outputs theencryption-resultant TS units to the recording controller 26. Therecording controller 26 includes a buffer memory for storing contentsdata forming the encryption-resultant TS units. Each time the contentsdata stored in the buffer memory reaches a prescribed amount, therecording controller 26 transfers the contents data from the buffermemory to the main reader/writer 11 while being controlled by the CPU50. The main reader/writer 11 writes the contents data on the recordingmedium 1 as encryption-resultant contents information. Theencryption-resultant contents information recorded on the recordingmedium 1 is of a data format or a data structure in FIG. 5.

The format concerning side information (library information) recorded ona recording medium 1 will be explained below. The recording medium 1 hasa plurality of members including, for example, magnetic tapes, magneticdisks, or optical disks. The recording medium 1 stores a directory,folders, and files in a hierarchical structure. Specifically, as shownin FIG. 2, the recording medium 1 stores a ROOT directory under which afolder named “TAPE_LIB” is placed. Under the folder “TAPE_LIB”, thereare a plurality of files named “SIDE0.ifo”, “SIDE1.ifo”, . . . , and“SIDEn.ifo” respectively. The files “SIDE0.ifo”, “SIDE1.ifo”, . . . ,and “SIDEn.ifo” are loaded with side-information pieces(library-information pieces) which relate to the recording-mediummembers, respectively. In general cases where each recording-mediummember stores a plurality of audio-visual programs, the correspondingfile “SIDEj.ifo (j=0, 1, . . . , n)” relates to the plurality ofaudio-visual programs.

With reference to FIG. 3, each file “SIDEj.ifo (j=0, 1, . . . , n)” isin a format having a hierarchical structure. Specifically, each file“SIDEj.ifo (j=0, 1, . . . , n)” has a first-level segment“TOTAL_MANAGER_IFO” containing second-level segments “GENERAL_IFO” and“CNTNT_IFO”. The second-level segment “GENERAL_IFO” is loaded withparameters relating to the whole of the present side-information piece.

The second-level segment “GENERAL_IFO” is of a syntax structure shown inFIG. 7. Specifically, the second-level segment “GENERAL_IFO” is composedof information pieces having syntax names “System ID”, “Version”,“Character Set”, “Num of CNTNT_IFO”, and “Start Adrs of CNTNT_IFO”,respectively. The information piece “System ID” is an 8-bitidentification signal (ID) representing that related information is ofthe present format. The information piece “Version” is an 8-bit signalrepresenting a version number. The information piece “Character Set” isa 4-bit signal representing a text code by which text information in therelated audio-visual programs is expressed. The information piece “Numof CNTNT_IFO” is an 8-bit signal representing the total number ofprogram information pieces “PR_IFO” which will be explained later. Theinformation piece “Start Adrs of CNTNT_IFO” is a 32-bit signalrepresenting the head address of a first program information piece“PR_IFO_(—)0”.

The second-level segment “CNTNT_IFO” in FIG. 3 contains third-levelsegments “PR_IFO_(—)0”, “PR_IFO_(—)1”, . . . , and “PR_IFO_n” loadedwith information pieces which relate to audio-visual programsrespectively. Each of the third-level segments “PR_IFO_(—)0”,“PR_IFO_(—)1”, . . . , and “PR_IFO_n” is of a syntax structure shown inFIG. 8. Specifically, each third-level segment “PR_IFO” is composed ofinformation pieces having syntax names “End Adrs of PR_IFO”, “PRnumber”, “Playback Time”, “Num of INDEX”, “REC Date”, “REC Time”, “PRtext information size”, “PR text information”, “Content nibble 1”,“Content nibble 2”, “V_ATR”, and “A_ATR”, respectively. The informationpiece “End Adrs of PR_IFO” is a 32-bit signal representing the endaddress of the present third-level segment “PR_IFO”. The informationpiece “PR number” is an 8-bit signal representing the designation number(the identification number) assigned to the related audio-visualprogram. The information piece “Playback Time” is a 32-bit signalrepresenting the playback time of the related audio-visual program. Theinformation piece “Num of INDEX” is an 8-bit signal representing thenumber of indexes into which the related audio-visual program isdivided. The indexes correspond to different scenes, respectively. Theinformation piece “Rec Date” is a 32-bit signal representing the date ofthe recording of the related audio-visual program. The information piece“Rec Time” is a 24-bit signal representing the time of the recording ofthe related audio-visual program. The information piece “PR textinformation size” is an 8-bit signal representing the number of bytescomposing text information indicative of a brief explanation of therelated audio-visual program. The information piece “PR textinformation” is an N-byte signal being the text information. Theinformation pieces “Content nibble 1” and “Content nibble 2” are 8-bitsignals representing the genre of the related audio-visual program. Theinformation piece “V_ATR” is a 32-bit signal representing thecompression parameters, the video bit rate, and the video pixel size.The information piece “A_ATR” is a 32-bit signal representing the audiochannel number and the audio bit rate.

The third-level segments “PR_IFO_0”, “PR_IFO_1” . . . , and “PR_IFO_n”are similar in structure. Only the third-level segment “PR_IFO_(—)0”will be explained in more detail. As shown in FIG. 4, the third-levelsegment “PR_IFO_(—)0” contains fourth-level segments “PROG_IFO” and“IDX_IFO”. The fourth-level segment “IDX_IFO” contains fifth-levelsegments “IDX_IFO_(—)0”, “IDX_IFO_(—)1”, . . . , and “IDX_IFO_k” loadedwith information pieces which relate to respective indexes of therelated audio-visual program. Each of the fifth-level segments“IDX_IFO_(—)0”, “IDX_IFO_(—)1”, . . . , and “IDX_IFO_k” is of a syntaxstructure shown in FIG. 9. Specifically, each fifth-level segment“IDX_IFO_j (j=0, 1, . . . , or k)” is composed of information pieceshaving syntax names “End Adrs of INDEX_IFO”, “INDEX number”, “PlaybackTime”, “Start frame of INDEX”, and “End frame of INDEX”, respectively.The information piece “End Adrs of INDEX_IFO” is a 32-bit signalrepresenting the end address of the present fifth-level segment“IDX_IFO_j”. The information piece “INDEX number” is an 8-bit signalrepresenting the serial number assigned to the related index. Theinformation piece “Playback Time” is a 16-bit signal representing theplayback time of the related index. The information piece “Start frameof INDEX” is a 32-bit signal representing the order number of a startframe in the related index. The information piece “End frame of INDEX”is a 32-bit signal representing the order number of an end frame in therelated index.

A detailed description will be given of a method of generating anencryption key and also encryption control information for identifyingencryption-key base information. As shown in FIG. 6, the header of eachcomplete TS unit produced by the encryption control information recorder24 or the encrypting device 25 has a unit set identifier and encryptioncontrol information. The encryption control information is designed toidentify encryption-key base information (that is, informationrepresenting a base for an encryption key). The unit set identifier iscomposed of a 2-bit segment and a 1-bit segment. The 2-bit segment ofthe unit set identifier contained in the output signal of the encryptingdevice 25 indicates whether or not the related TS unit except its headerhas been encrypted. The 1-bit segment of the unit set identifierindicates whether or not an initial value for an encryption block shouldbe set. The encryption control information has 8 bits. The 8 bits of theencryption control information relate to respective information pieceswhich can be used as partial bases for an encryption key. Specifically,each of the 8 bits indicates whether or not the related informationpiece is used as a partial base for an encryption key. In more detail,each of the 8 bits which is “1” indicates that the related informationpiece is used as a partial base for an encryption key, while each of the8 bits which is “0” indicates that the related information piece is notused as a partial base for an encryption key.

The information pieces which can be used as partial bases for anencryption key are also referred to as the encryption-key baseinformation pieces. Preferably, the encryption-key base informationpieces are selected from 1) an information piece about an audio-visualprogram designation number or an audio-visual program identificationnumber, 2) an information piece about a region or regions correspondingto one or more countries, one or more zones, or one or more spaces, 3)an information piece about identification of an individual, 4) aninformation piece about identification of a group of persons, 5) aninformation piece about a rating, 6) an information piece aboutidentification of an apparatus maker or a device maker, 7) aninformation piece about identification of a contents provider, 8) aninformation piece about time, 9) an information piece about contentsauthoring persons, 10) an information piece about identification of areproducing apparatus or a reproducing device, 11) an information pieceabout identification of a connection apparatus or a connection device,12) an information piece about identification of a medium on whichcontents information is recorded, 13) an information piece aboutidentification of contents information, and 14) an information pieceabout accounting.

There are eight encryption-key base information pieces which can beselected to generate an encryption key. Partial bases for an encryptionkey which are formed by the eight information pieces are also referredto as seeds. Accordingly, there are eight seeds. The eight seeds areserially numbered, and are called a seed “1”, a seed “2”, a seed “3”, aseed “4”, a seed “5”, a seed “6”, a seed “7”, and a seed “8”. The 8 bitsof the encryption control information relate to the eight seeds,respectively. Specifically, each of the 8 bits of the encryption controlinformation which is “1” indicates that the related seed (theinformation piece corresponding to the related seed) is used as apartial base for an encryption key, while each of the 8 bits which is“0” indicates that the related seed (the information piece correspondingto the related seed) is not used as a partial base for an encryptionkey.

As shown in FIG. 10, the encryption key generator 27 includes memories27A1-27A8 storing the encryption-key base information piecescorresponding to the seeds “1”-“8” respectively. Preferably, the CPU 50(see FIG. 1) loads the memories 27A1-27A8 with the encryption-key baseinformation pieces. The encryption key generator 27 further includes aselector 27B, a calculator 27C, a memory 27D, and signal generators 27Pand 27Q. The memories 27A1-27A8 output the encryption-key baseinformation pieces (the seeds “1”-“8”) to the selector 27B. The signalgenerator 27P receives the security-level signal and the unit-timingsignal from the user interface 21 and the unit generator 23 (see FIG.1). The signal generator 27P produces the encryption control informationin response to the security-level signal and the unit-timing signal. Anexample of the signal generator 27P includes a ROM and a counter (forexample, a ring counter). The ROM stores different logic states of theencryption control information at different addresses respectively. Thecounter responds to the unit-timing signal to count pulses therein. Thesecurity-level signal and an output signal of the counter are combinedinto an address signal which designates an address in the ROM whichshould be accessed. The encryption control information is read out fromthe accessed address in the ROM. The read-out encryption controlinformation is used as the encryption control information produced bythe signal generator 27P. Preferably, the produced encryption controlinformation is varied from TS unit to TS unit. The produced encryptioncontrol information may be updated for every prescribed number of TSunits. The signal generator 27P outputs the produced encryption controlinformation to the selector 27B and the encryption control informationrecorder 24 (see FIG. 1). The device 27B selects ones from theencryption-key base information pieces (the seeds “1”-“8”) which relateto bits of “1” in the encryption control information, and does notselect the other encryption-key base information pieces which relate tobits of “0” in the encryption control information. The device 27B passesthe selected encryption-key base information pieces (the selected seeds)to the calculator 27C. The calculator 27C operates the selectedencryption-key base information pieces by a predetermined hash function,thereby generating a signal representative of an encryption key.Specifically, the calculator 27C inputs each of the selectedencryption-key base information pieces into the hash function. Thegenerated signal representative of the encryption key has a prescribednumber of bits. The hash function makes a character sequence correspondto a numerical value. The encryption key is based on one of knowncryptosystems. For example, in the case of DES (Data EncryptionStandard), the hash function is designed to generate a 56-bit signalrepresentative of an encryption key. The calculator 27C stores thesignal of the encryption key into the memory 27D. The memory 27D outputsthe signal of the encryption key to the encrypting device 25 (see FIG.1).

The signal generator 27Q receives the unit-timing signal from the unitgenerator 23 (see FIG. 1). The signal generator 27Q produces the unitset identifier in response to the unit-timing signal. Specifically, thesignal generator 27Q controls the 1-bit segment of the unit setidentifier in response to the unit-timing signal. The signal generator27Q controls the 2-bit segment of the unit set identifier to indicatethat a TS unit except its header has not yet been encrypted. The signalgenerator 27Q outputs the produced unit set identifier to the encryptioncontrol information recorder 24 (see FIG. 1). It should be noted thatwhen the encryption of a TS unit is completed, the encrypting device 25changes the 2-bit segment of a unit set identifier in the TS unit toindicate that the TS unit except its header has been encrypted.

The recording medium 1 which stores contents information and libraryinformation provides the following advantages. Recorded data (recordedinformation) can be reproduced by use of encryption control information.The encryption control information can enhance encryption security. Therecording medium 1 can form a high-security prerecorded medium. Therecording medium 1 can be used in a contents-information distributionsystem.

Preferably, the recording medium 1 includes a magnetic disk, a magnetictape, or an optical disk. The recording medium 1 may includeelectromagnetic wave or light. Information recorded on the recordingmedium 1 may include data in an electronic file (in an unrecordedstate).

Second Embodiment

A second embodiment of this invention is similar to the first embodimentthereof except for design changes mentioned hereafter. According to thesecond embodiment of this invention, as shown in FIG. 11, there are fourgroups “A”, “B”, “C”, and “D” of seeds (information pieces which can beused as partial bases for an encryption key). Encryption controlinformation for identifying encryption-key base information has 4 bits.The 4 bits of the encryption control information relate to the seedgroups “A”, “B”, “C”, and “D”, respectively. Specifically, each of the 4bits indicates whether or not the related seed group is used as apartial base for an encryption key. In more detail, each of the 4 bitswhich is “1” indicates that the related seed group is used as a partialbase for an encryption key, while each of the 4 bits which is “0”indicates that the related seed group is not used as a partial base foran encryption key. Since a smaller number of bits compose the encryptioncontrol information, a reduction in data amount is provided.

Third Embodiment

A third embodiment of this invention is similar to the second embodimentthereof except for design changes mentioned hereafter. According to thethird embodiment of this invention, numbers of “0”, “1”, “2”, and “3”are assigned to four seed groups “A”, “B”, “C”, and “D” respectively. Asshown in FIG. 12, encryption control information for identifyingencryption-key base information has a 2-bit seed-group identifier whichcan be changed among “0”, “1”, “2”, and “3”. The 2-bit seed-groupidentifier being “0” designates the seed group “A” as used one. The2-bit seed-group identifier being “1” designates the seed group “B” asused one. The 2-bit seed-group identifier being “2” designates the seedgroup “C” as used one. The 2-bit seed-group identifier being “3”designates the seed group “D” as used one. Since a smaller number ofbits compose the encryption control information, a reduction in dataamount is provided.

Fourth Embodiment

A fourth embodiment of this invention is similar to the first embodimentthereof except for an additional design mentioned hereafter. Accordingto the fourth embodiment of this invention, encryption controlinformation is used as encryption-related parameter information foridentifying encryption initial-value information. Encryption of contentsinformation is based on, for example, a CBC mode of DES. Here, CBC isshort for “Cipher Block Chaining”. The CBC mode of DES causes theencryption to be recursive in a chain on a block-by-block basis. Here,“block” is also referred to as “encryption block”. Preferably, achaining value is defined as follows. A chaining value is varied fromblock to block. A chaining value for a current block is generated on thebasis of encryption-resultant contents information in theimmediately-preceding block. Exclusive-OR operation is executed betweenthe chaining value for the current block and contents information in thecurrent block, and the result of Exclusive-OR operation is encrypted toget encryption-resultant contents information for the current block.With respect to a first block, the immediately-preceding block isabsent. Accordingly, a chaining value for a first block is normallyunavailable. Thus, a chaining value for a first block is fed as aninitial value in a suitably way. In other words, a chaining value for afirst block is set to an initial value.

Preferably, a chaining value for a first block in every limited blockstream portion is set to an initial value. Preferably, a bit indicatingwhether or not setting should be done is provided in a unit setidentifier so that setting can be implemented at a prescribed timing. Aninitial value for a first block can be utilized in improvingcryptosystem security.

According to the fourth embodiment of this invention, as shown in FIG.13, there are eight information pieces representing basic initial valuesrespectively. The eight basic initial values are serially numbered, andare called a basic initial value “1”, a basic initial value “2”, a basicinitial value “3”, a basic initial value “4”, a basic initial value “5”,a basic initial value “6”, a basic initial value “7”, and a basicinitial value “8”. Encryption control information for identifyingencryption basic-initial-value information has 8 bits. The 8 bits of theencryption control information relate to the eight basic initial values“1”-“8”, respectively. Specifically, each of the 8 bits of theencryption control information which is “1” indicates that the relatedbasic initial value (the information piece representing the relatedbasic initial value) is used, while each of the 8 bits which is “0”indicates that the related basic initial value (the information piecerepresenting the related basic initial value) is not used.

The eight information pieces representing the basic initial values“1”-“8” are also referred to as the basic-initial-value informationpieces. Preferably, the basic-initial-value information pieces areselected from 1) an information piece about an audio-visual programdesignation number or an audio-visual program identification number, 2)an information piece about a region or regions corresponding to one ormore countries, one or more zones, or one or more spaces, 3) aninformation piece about identification of an individual, 4) aninformation piece about identification of a group of persons, 5) aninformation piece about a rating, 6) an information piece aboutidentification of an apparatus maker or a device maker, 7) aninformation piece about identification of a contents provider, 8) aninformation piece about time, 9) an information piece about contentsauthoring persons, 10) an information piece about identification of areproducing apparatus or a reproducing device, 11) an information pieceabout identification of a connection apparatus or a connection device,12) an information piece about identification of a medium on whichcontents information is recorded, 13) an information piece aboutidentification of contents information, and 14) an information pieceabout accounting.

As shown in FIG. 14, the encryption key generator 27 includes memories27E1-27E8 storing the information pieces representing the basic initialvalues “1”-“8” respectively. Preferably, the CPU 50 (see FIG. 1) loadsthe memories 27E1-27E8 with the information pieces representing thebasic initial values “1”-“8”. The encryption key generator 27 furtherincludes a selector 27F, a calculator 27G, and a memory 27H. Thememories 27E1-27E8 output the basicinitial-value information pieces (thebasic initial values “1”-“8”) to the selector 27F. The selector 27Freceives the encryption control information. The device 27F selects onesfrom the basic-initial-value information pieces (the basic initialvalues “1”-“8”) which relate to bits of “1” in the encryption controlinformation, and does not select the other basic-initial-valueinformation pieces which relate to bits of “0” in the encryption controlinformation. The device 27F passes the selected basic-initial-valueinformation pieces (the selected basic initial values) to the calculator27G. The calculator 27G operates the selected basic-initial-valueinformation pieces by a predetermined function, thereby generating asignal representative of an initial value. Specifically, the calculator27G inputs each of the selected basic-initial-value information piecesinto the predetermined function. The generated signal representative ofthe initial value has a prescribed number of bits. The predeterminedfunction corresponds to Exclusive-OR operation. The initial value isbased on one of known cryptosystems. For example, in the case of the CBCmode of DES, the predetermined function and the bit length are designedto generate a 64-bit signal representative of an initial value. Thecalculator 27G stores the signal of the initial value into the memory27H. The memory 27H outputs the signal of the initial value to theencrypting device 25 (see FIG. 1).

As previously mentioned, the header of every complete TS unit fed to theencrypting device 25 has a unit set identifier whose 1 bit segmentindicates whether or not a chaining value for an encryption block shouldbe set to an initial value. The encrypting device 25 responds to the1-bit segment of the unit set identifier. When the 1-bit segment of theunit set identifier indicates that a chaining value for an encryptionblock should be set to an initial value, the encrypting device 25 setsthe chaining value to the initial value notified by the encryption keygenerator 27. Otherwise, the encrypting device 25 does not set thechaining value to the initial value.

The encryption key generator 13 (see FIG. 1) may generate a signalrepresentative of the initial value as the encryption key generator 27does. In this case, the encryption key generator 13 outputs the signalof the initial value to the decrypting device 14 (see FIG. 1). Thedecrypting device 14 responds to the 1-bit segment of every unit setidentifier in the output signal of the encryption control informationreproducer 12 (see FIG. 1). When the 1-bit segment of a unit setidentifier indicates that a chaining value for an encryption blockshould be set to an initial value, the decrypting device 14 uses theinitial value notified by the encryption key generator 13 in thedecryption of the output signal of the encryption control informationreproducer 12.

Fifth Embodiment

A fifth embodiment of this invention is similar to the fourth embodimentthereof except for design changes mentioned hereafter. According to thefifth embodiment of this invention, as shown in FIG. 15, there are fourgroups “A”, “B”, “C”, and “D” of basic initial values (informationpieces representing the basic initial values). Encryption controlinformation for identifying encryption basic-initial-value informationhas 4 bits. The 4 bits of the encryption control information relate tothe basic-initial-value groups “A”, “B”, “C”, and “D”, respectively.Specifically, each of the 4 bits indicates whether or not the relatedbasic-initial-value group is used. In more detail, each of the 4 bitswhich is “1” indicates that the related basic-initial-value group isused, while each of the 4 bits which is “0” indicates that the relatedbasic-initial-value group is not used. Since a smaller number of bitscompose the encryption control information, a reduction in data amountis provided.

Sixth Embodiment

A sixth embodiment of this invention is similar to the fifth embodimentthereof except for design changes mentioned hereafter. According to thesixth embodiment of this invention, numbers of “0”, “1”, “2”, and “3”are assigned to four basic-initial-value groups “A”, “B”, “C”, and “D”respectively. As shown in FIG. 16, encryption control information foridentifying encryption basic-initial-value information has a 2-bit groupidentifier which can be changed among “0”, “1”, “2”, and “3”. The 2-bitgroup identifier being “0” designates the basic-initial-value group “A”as used one. The 2-bit group identifier being “1” designates thebasic-initial-value group “B” as used one. The 2-bit group identifierbeing “2” designates the basic-initial-value group “C” as used one. The2-bit group identifier being “3” designates the basic-initial-valuegroup “D” as used one. Since a smaller number of bits compose theencryption control information, a reduction in data amount is provided.

Seventh Embodiment

FIG. 17 shows an information-communications apparatus according to aseventh embodiment of this invention. The apparatus of FIG. 17 issimilar to the apparatus of FIG. 1 except for design changes mentionedhereafter. The apparatus of FIG. 17 includes a multiplexer/demultiplexer33 instead of the main reader/writer 11 (see FIG. 1). The apparatus ofFIG. 17 includes an antenna 31 and a transceiver 32. The transceiver 32is connected between the antenna 31 and the multiplexer/demultiplexer33.

Operation of the apparatus of FIG. 17 can be changed among differentmodes including a transmission mode and a reception mode.

During the transmission mode of operation, the multiplexer/demultiplexer33 receives contents information from the recording controller 26. Themultiplexer/demultiplexer 33 receives library information from thelibrary information reader/writer 19. The multiplexer/demultiplexer 33multiplexes the contents information and the library information. Themultiplexer/demultiplexer 33 outputs the multiplexing-resultantinformation to the transceiver 32. The transceiver 32 converts themultiplexing-resultant information into a radio signal. The transceiver32 feeds the radio signal to the antenna 31. The antenna 31 radiates theradio signal. The transceiver 32 controls the transmission of thecontents information.

During the reception mode of operation, the antenna 31 captures a radiosignal, and feeds the radio signal to the transceiver 32. Thetransceiver 32 converts the radio signal into multiplexing-resultantinformation. The transceiver 32 outputs the multiplexing-resultantinformation to the multiplexer/demultiplexer 33. Themultiplexer/demultiplexer 33 demultiplexes the multiplexing-resultantinformation into contents information and library information. Themultiplexer/demultiplexer 33 outputs the contents information to theencryption control information reproducer 12. Themultiplexer/demultiplexer 33 outputs the library information to thelibrary information reader/writer 19. The transceiver 32 controls thereception of the contents information.

Advantages Provided by Embodiments

The first to seventh embodiments of this invention provide advantagesindicated below.

Encryption-resultant contents information is divided into units. Everyunit holds encryption control information for identifying a plurality ofinformation pieces used as partial bases for an encryption key. In thecase where the encryption control information is varied from unit tounit while the partially editing of the contents information can beimplemented, the encryption key can easily be changed and the securitycan be enhanced.

Encryption-resultant contents information is divided into units. Everyunit holds encryption control information for identifying a plurality ofinformation pieces used as partial bases for an encryption key. Forevery unit, encryption control information is reproduced, andinformation pieces (encryption-key base information pieces) used aspartial bases for an encryption key are identified in response to thereproduced encryption control information. For every unit, theencryption key is generated from the identified encryption-key baseinformation pieces, and encryption-resultant contents information isdecrypted into original contents information in response to thegenerated encryption key. Therefore, even in the case where theencryption key is varied from unit to unit, the encryption-resultantcontents information can be correctly decrypted.

The recording medium 1 stores encryption-resultant contents informationwhich is divided into units. Every unit holds encryption controlinformation for identifying a plurality of information pieces used aspartial bases for an encryption key. In the case where the encryptioncontrol information is varied from unit to unit, even when theencryption-resultant contents information is illegally copied from therecording medium 1, it is difficult to reproduce original contentsinformation from the illegal copy. Therefore, the security can beenhanced.

1. A method of encrypting plain text information with an encryption key,the plain text information including digital contents, the methodcomprising the steps of: dividing the plain text information into unitseach corresponding to every prescribed number of successive packetsconforming to the MPEG standards; generating an encryption key frominformation pieces appointed for each of the units composing the plaintext information; encrypting each of the units composing the plain textinformation in response to the corresponding generated encryption key togenerate a unit of encryption-resultant information; generatingencryption control information for appointing the information piecesused in generating the encryption key for each of the units composingthe plain text information; and adding, to each of the units of theencryption-resultant information, the corresponding generated encryptioncontrol information.
 2. An apparatus for encrypting plain textinformation with an encryption key, the plain text information includingdigital contents, the apparatus comprising: means for dividing the plaintext information into units each corresponding to every prescribednumber of successive packets conforming to the MPEG standards; means forgenerating an encryption key from information pieces appointed for eachof the units composing the plain text information; means for encryptingeach of the units composing the plain text information in response tothe corresponding generated encryption key to generate a unit ofencryption-resultant information; means for generating encryptioncontrol information for appointing the information pieces used ingenerating the encryption key for each of the units composing the plaintext information; and means for adding, to each of the units of theencryption-resultant information, the corresponding generated encryptioncontrol information.